The top 10 awfully bad passwords people use

Many end users don't understand the need for good passwords, report shows

By Michael Hardy

May 14, 2010

You might think that after nearly two decades of data breaches, identity theft and other online risks, your average end user would understand by now the importance of creating strong passwords and protecting them.

You would be wrong.

Data security firm Imperva analyzed 32 million passwords that a hacker stole from an application developer called rockyou.com, and published a report of the findings earlier this year – including the 10 most-commonly used passwords, all of them terrible.

They are:

123456

12345

123456789

Password

iloveyou

princess

rockyou

1234567

12345678

abc123

Entry No. 7, "rockyou," is the name of the Web site for which the users created the password. Their Amazon.com and Audible.com passwords are probably "amazon" and "audible," respectively.

Nearly half of the users created easily guessable passwords, including names, dictionary words and strings of consecutive numbers, according to the report. The most common password found was "123456."

"Everyone needs to understand what the combination of poor passwords means in today's world of automated cyberattacks: With only minimal effort, a hacker can gain access to one new account every second — or 1,000 accounts every 17 minutes," said Amichai Shulman, Imperva's chief technology officer, in a written statement that accompanied the release of the findings. "The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of passwords as a security mechanism. Never before has there been such a high volume of real-world passwords to examine."

Featured

A two-year campaign that prompted the Department of Homeland Security to issue its first-ever emergency directive to agencies to shore up cyber defenses appears in part to have been an attempt to spy on U.S. government internet traffic.